Google has great news about fixing the Meltdown and Spectre chip flaws

Google on Thursday explained that fixing the severe security issues that affect computers of all sizes out there, with special emphasis on Intel-powered devices, won’t cause significant slowdowns.

Google’s revelations echo Intel’s own assessment of the matter, but they’re a lot more reassuring. Intel’s press release detailing the Meltdown and Spectre security issues seemed to minimize the security risks and performance degradations that users would see after software patches are deployed.

Google said in a blog post on its security blog that it shared a new fix, called Retpoline with its partners which fixes one of the Spectre vulnerabilities (CVE-2017-5715). Google also deployed a Kernel Page Table Isolation (KPTI) fix that protects against the Meltdown (CVE-2017-5754) vulnerability.

After patching its Linux computers on all its computers, Google observed “negligible impact on performance.” That’s great news for anyone using Google services that run on Google’s cloud. One worry was that the cloud would be the most impacted by the patches, but that doesn’t appear to be the case:

There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

That doesn’t mean there won’t be slowdowns, and Google can’t guarantee any “particular performance or operational impact.” A report the other day explained what kind of performance slowdowns can be expected on various systems after the fixes are in place.

Google’s fixes are all the more important as it’s one of the entities that discovered the flaws and then notified chipmakers — Google’s official disclosure on Meltdown and Spectre, also posted on Thursday, is available at this link.